Platform Engineering Lead

About the ICRC

Since 1863, the International Committee of the Red Cross (ICRC) has worked to relieve suffering and preserve human dignity during war and armed violence. Alongside our Red Cross and Red Crescent partners, we deliver life-saving aid across front lines and strive to reconnect families and locate missing people.

Engaging with authorities and armed forces on all sides, often confidentially, we advocate for humane treatment of detainees and urge compliance with international humanitarian law to protect civilians from harm, including online.

Purpose of the Role

We are looking for an experienced Platform Engineering Lead to own the engineering practices, toolchain, and delivery pipelines that power our software development lifecycle. As the technical authority on CI/CD, code quality, API management, secrets management, and container platform delivery, you will drive both global digital services and field-facing humanitarian applications deployed in some of the most operationally demanding environments in the world. You will lead a cross-functional team, set standards adopted across all engineering squads, and serve as the connecting force between development, platform, security, and operations, all in direct support of ICRC's mandate to protect and assist people affected by armed conflict and other situations of violence.

Reports to (role)

Engineering Technology Manager

Main Duties & Responsibilities

• Own and evolve the end-to-end CI/CD strategy on Azure DevOps, covering pipelines as code, multi-stage deployments, environment promotion gates, and self-service pipeline templates for development squads.
• Architect and maintain Azure DevOps organizations, projects, agent pools (Microsoft-hosted and self-hosted), service connections, and pipeline security controls.
• Administer SonarQube, including quality gate design, custom rule sets, branch analysis, PR decoration, and integration with Azure DevOps pipelines, ensuring consistent code quality and security standards across all repositories.
• Own the Gravitee API Gateway platform: design and enforce API management policies, plans, subscriptions, rate limiting, and authentication flows (OAuth 2.0, API keys, JWT), and govern the developer portal.
• Operate and evolve OpenBao for secrets management, covering auth methods, secret engines, dynamic credentials, lease management, and PKI/certificate issuance.
• Establish and enforce DevSecOps practices, embedding shift-left security scanning (SAST, DAST, SCA, container image scanning) natively into CI/CD pipelines.
• Define branching strategies, release management processes, and versioning standards, including semantic versioning and changelog automation.
• Collaborate with security and compliance teams to ensure all toolchain configurations meet ICRC data-protection policies, audit requirements, and relevant regulatory frameworks.
• Mentor DevOps engineers and embed DevOps culture within product teams through coaching, enablement sessions, and architectural guidance.
• Strengthen open-source capabilities across the DevOps toolchain (OpenBao, Gravitee, SonarQube, Kubernetes) by enforcing SBOM, license compliance, and CVE triage in CI/CD pipelines, in alignment with ICRC OSPO governance and contribution policy.

Education & Professional Background

• Bachelor's or Master's degree in Computer Science or a related field.
• 7+ years in DevOps, platform, or infrastructure engineering roles, with at least 3 years in a lead or senior individual-contributor capacity.
• Agile delivery certification; SAFe certification preferred.
• Experience in complex, international, or multicultural environments is an advantage.
• Strong English (written and spoken) is required; French is a plus.

Skills & Competencies

• Deep hands-on experience with Azure DevOps: pipeline authoring, agent management, environment governance, and organisation-level administration.
• Practical experience operating an API gateway platform (Gravitee, Apigee, or equivalent) in production, including policy design, authentication flows, and developer portal management.
• Solid understanding of secrets management principles, with hands-on experience using HashiCorp Vault or OpenBao, covering auth methods, dynamic secrets, PKI, and least-privilege policy design.
• Experience with security tooling across SAST (e.g. SonarQube), DAST (e.g. Checkmarx), and infrastructure security (e.g. Aqua).
• Strong understanding of open-source security risks and experience applying relevant best practices.
• Knowledge of containerisation technologies (Docker, Kubernetes) and securing containerised workloads.
• Knowledge of data privacy regulations.
• Strong analytical, problem-solving, and communication skills.

Additional Information

• Location: Geneva
• Type of contract: Open-ended
• Activity rate: 100%
• Start date: October 2026
• Recruiter: Alejandra Rodriguez
• Application deadline: Monday, 13th of July 2026

Important information: For future employees and their dependents who are not EU and/or EFTA nationals, settling in Switzerland is now required. Direct settlement in France upon arrival is no longer possible.

Our Values

At the ICRC, we value impact, collaboration, respect, and compassion. We seek candidates who demonstrate behaviors based on these shared values. For more information on the ICRC values, please visit this page.

Are you ready to explore the next chapter of your career? Apply now!